I should have listed Routers configured to drop packets as well as firewalls.  We had a situation where a child domain was on a different network segment, and their router team configured it to drop 1024 packets (the first port RPC pings to establish a secure channel) coming from outside their network.  We started to see replication problems once the DC was rebooted, so we figured it was a firewall issue.  Took some digging to determine it was the router configuration.

And I am not bitter, just have a few scars and late nights at the office, Gil.

The Exchange ADC is also a neat little topic as well.  That thing seems to have a mind of its own.

TM

From: Kamlesh Parmar [mailto:[EMAIL PROTECTED]
Sent: Saturday, January 21, 2006 7:30 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OT: Gauging AD experience

Tell me about it!!

I faced a situation where the network team proactively blocked ports 139/445 for fear of viruses, without any communication, and the AD team had not installed monitoring tools like Sonar or Ultrasound, so they were clueless as to how come policies were not applying uniformly across locations. It took them some time to find out.

And then the AD team started telnetting to the ports required for AD to make sure they were open, installed Ultrasound, and scheduled propagation tests to make sure it was propagating fully.

But the network team was up to it: next time they rate-limited ports 139/445, and gradually the AD team could see propagation times becoming longer and longer.

So, when I see Brian mention rate-limit commands for Cisco, I chuckle. :*)

(Brian, nothing wrong with rate-limit, just a cross-reference in my mind)

--
Kamlesh
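The two checks Kamlesh describes (telnetting to the AD ports, then watching propagation slow down under rate limiting) can be scripted so they are repeatable from each site. The following is an added example, not code from the thread or from any Microsoft tool; the DC name, the SYSVOL file path and the timeout are assumptions, and the port list is the standard set of AD service ports (the RPC dynamic range is not probed, only the endpoint mapper on 135). It uses .NET TcpClient with a timeout instead of telnet so that a port dropped by a firewall or router ACL shows up as a timeout rather than a hung session, and a closed port as a refusal; the second function times a copy from the SYSVOL share so a drop in throughput while every port still reports Open, which is what rate limiting looks like from the AD side, becomes visible.

```powershell
# Added example (not from the thread). Assumptions: DC name, SYSVOL file path, timeout.
function Test-AdPortReachability {
    param(
        [Parameter(Mandatory)] [string] $DomainController,
        [int] $TimeoutMs = 2000
    )

    # Standard AD service ports. Keys are strings because an [ordered] hashtable
    # treats an integer index as a position, not a key.
    $ports = [ordered]@{
        '53'   = 'DNS'
        '88'   = 'Kerberos'
        '135'  = 'RPC endpoint mapper'
        '139'  = 'NetBIOS session'
        '389'  = 'LDAP'
        '445'  = 'SMB'
        '464'  = 'Kerberos kpasswd'
        '636'  = 'LDAPS'
        '3268' = 'Global Catalog'
        '3269' = 'Global Catalog SSL'
    }

    foreach ($port in $ports.Keys) {
        $client = New-Object System.Net.Sockets.TcpClient
        $sw = [System.Diagnostics.Stopwatch]::StartNew()
        try {
            $async = $client.BeginConnect($DomainController, [int]$port, $null, $null)
            # Filtered (silently dropped) -> WaitOne times out.
            # Closed -> completes quickly and EndConnect throws a SocketException.
            if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
                $client.EndConnect($async)
                $status = 'Open'
            } else {
                $status = 'Timeout (filtered?)'
            }
        } catch {
            $ex = $_.Exception
            if ($ex.InnerException) { $ex = $ex.InnerException }
            $status = "Refused/Error: $($ex.Message)"
        } finally {
            $sw.Stop()
            $client.Close()
        }
        [pscustomobject]@{
            DC        = $DomainController
            Port      = [int]$port
            Service   = $ports[$port]
            Status    = $status
            ElapsedMs = $sw.ElapsedMilliseconds
        }
    }
}

# Throughput probe over SMB (445): copy a file from the DC's SYSVOL share a few times
# and report KB/s. Run it from the remote site on a schedule; a steady decline while
# Test-AdPortReachability still reports 445 as Open points at shaping, not blocking.
function Measure-SysvolThroughput {
    param(
        [Parameter(Mandatory)] [string] $DomainController,
        [Parameter(Mandatory)] [string] $RelativePath,   # path below \\DC\SYSVOL (assumed)
        [int] $Iterations = 3
    )
    $source = "\\$DomainController\SYSVOL\$RelativePath"
    $temp = [System.IO.Path]::GetTempFileName()
    try {
        foreach ($i in 1..$Iterations) {
            $elapsed = Measure-Command { Copy-Item -Path $source -Destination $temp -Force }
            $bytes = (Get-Item $temp).Length
            [pscustomobject]@{
                Iteration = $i
                Bytes     = $bytes
                Seconds   = [math]::Round($elapsed.TotalSeconds, 3)
                KBps      = if ($elapsed.TotalSeconds -gt 0) {
                                [math]::Round($bytes / 1KB / $elapsed.TotalSeconds, 1)
                            } else { $null }
            }
        }
    } finally {
        Remove-Item $temp -ErrorAction SilentlyContinue
    }
}

# Usage (hypothetical names): run from the remote site, then from the DC's own segment,
# and compare the two result sets.
# Test-AdPortReachability -DomainController 'dc01.child.example.com' | Format-Table -AutoSize
# Measure-SysvolThroughput -DomainController 'dc01.child.example.com' `
#     -RelativePath 'child.example.com\Policies\{POLICY-GUID}\gpt.ini' | Format-Table -AutoSize
```

Pick a file under SYSVOL large enough that the copy time is not dominated by connection setup; a small gpt.ini measures latency more than bandwidth. Because the port check reports per-port timing as well as status, a port that is open but consistently slow from one site and fast from another is also worth a conversation with the network team.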
 

On 1/21/06, Myrick, Todd (NIH/CC/DNA) [E] <[EMAIL PROTECTED]> wrote:

In my experience, when good directories go bad, it is usually due to three things.

  1. Firewalls
  2. Firewalls
  3. Did I list firewalls?

Runners-up would be the ADC for Exchange, clowns posing as Administrators, clowns posing as DNS experts, clowns posing as Security experts, and no disaster recovery solution.

Todd Myrick

Brushing off the dust of my MVP status.